Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-55029

    NASA Fprime v3.4.3 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.... Read more

    Affected Products : fprime
    • Published: Mar. 25, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-55028

    A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file.... Read more

    Affected Products : fprime
    • Published: Mar. 25, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2025-30216

    CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and pr... Read more

    Affected Products : cryptolib
    • Published: Mar. 25, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-30118

    An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the... Read more

    Affected Products :
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-48818

    An issue in IIT Bombay, Mumbai, India Bodhitree of cs101 version allows a remote attacker to execute arbitrary code.... Read more

    Affected Products :
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025

  • 7.5

    HIGH
    CVE-2025-30567

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wp01ru WP01 allows Path Traversal. This issue affects WP01: from n/a through 2.6.2.... Read more

    Affected Products : wp01
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2025-28904

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shamalli Web Directory Free allows Blind SQL Injection. This issue affects Web Directory Free: from n/a through 1.7.6.... Read more

    Affected Products : web_directory_free
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-31896

    IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... Read more

    Affected Products : spss_statistics
    • Published: Mar. 25, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cryptography

  • 5.9

    MEDIUM
    CVE-2025-2312

    A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the... Read more

    Affected Products :
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2024-58105

    A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE address an addtional bypass not covered ... Read more

    Affected Products : apex_one
    • Published: Mar. 25, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2024-58104

    A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ab... Read more

    Affected Products : apex_one
    • Published: Mar. 25, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authorization

  • 8.0

    HIGH
    CVE-2025-30214

    Frappe is a full-stack web application framework. Prior to versions 14.89.0 and 15.51.0, making crafted requests could lead to information disclosure that could further lead to account takeover. Versions 14.89.0 and 15.51.0 fix the issue. There's no worka... Read more

    Affected Products : frappe
    • Published: Mar. 25, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-30213

    Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. Versions 14.9.1 and 15.52.0 contain a patch for the vul... Read more

    Affected Products : frappe
    • Published: Mar. 25, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-30212

    Frappe is a full-stack web application framework. An SQL Injection vulnerability has been identified in Frappe Framework prior to versions 14.89.0 and 15.51.0 which could allow a malicious actor to access sensitive information. Versions 14.89.0 and 15.51.... Read more

    Affected Products : frappe
    • Published: Mar. 25, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-2532

    Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerabili... Read more

    Affected Products : keyshot
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-2531

    Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this ... Read more

    Affected Products : keyshot
    • Published: Mar. 25, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-2530

    Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit ... Read more

    Affected Products : keyshot
    • Published: Mar. 25, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption

  • 8.2

    HIGH
    CVE-2025-27147

    The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMWare ESX host remote inventory, and data collection (files, Windows registry, WMI). Versions prior to 1.5.0 ... Read more

    Affected Products : glpi_inventory
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-26742

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery for Social Photo allows Stored XSS.This issue affects Gallery for Social Photo: from n/a through 1.0.0.35.... Read more

    Affected Products : gallery_for_social_photo
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-55604

    Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith pri... Read more

    Affected Products : appsmith
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291739 Results